Release 9.2.11.1¶
These are the Rolling Release Notes for Release 9.2.11.1. These release notes are applicable to both Privacera's Self-Managed version and PrivaceraCloud.
PolicySync Connector¶
Attribute-Based Include/Ignore Filtering for Non-Human IAM Principals
Attribute-Based Include/Ignore Filtering for Non-Human IAM Principals¶
- Added configurable attribute-based include and ignore filtering for IAM Principles (users, roles, and groups) to prevent non-human principals from being created in the target service, while preserving backward compatibility when the filters are not configured.
- For more details, refer Attribute-Based Principal Filtering.
Support for Email Case Conversion in Databricks Unity Catalog Connector
Support for Email Case Conversion in Databricks Unity Catalog Connector¶
- Added support for configuring email case conversion type when user email is used as PolicySync service username.
- For more details, refer User Email Case Conversion.
Updated Default Permission Sync Interval for Databricks Unity Catalog Connector
Updated Default Permission Sync Interval for Databricks Unity Catalog Connector¶
- Updated the default permission sync interval from 8 hours (28800 seconds) to 2 days (172800 seconds).
- The interval can still be customized using
CONNECTOR_DATABRICKS_UNITY_CATALOG_PERMISSION_SYNC_INTERVALin the connector configuration.
Added Flag to Control Resource Loading by Type for Databricks Unity Catalog Connector
Added Flag to Control Resource Loading by Type for Databricks Unity Catalog Connector¶
Added a flag to selectively enable or disable loading of each resource type in the DBX-UC connector. When a token has minimal (e.g., no metastore) permissions, you can turn off loading for resource types you don't manage to avoid UNAUTHORIZED_ACCESS and permission-denied errors.
Added Support for On Demand Sync V2 using Azure Event Hub for Snowflake Connector
Added Support for On Demand Sync V2 using Azure Event Hub for Snowflake Connector¶
- Added event-driven resource synchronization using Azure Event Hub for real-time, targeted policy updates.
- For more details, refer Configure Event-Driven On-Demand Sync.
Added API Support for On Demand Sync V2 for Snowflake Connector
Added API Support for On Demand Sync V2 for Snowflake Connector¶
- Added REST API support for triggering and monitoring On-Demand Sync tasks, removing the dependency on Kafka.
- The API provides JWT-secured task submission, status tracking, lifecycle monitoring, and Kubernetes health checks.
- For more details, refer Configure API-Driven On-Demand Sync.
Added UUID-based delta detection for Iceberg tables for Lakeformation Connector
Added UUID-based delta detection for Iceberg tables for Lakeformation Connector¶
Added UUID-based delta detection for Iceberg tables in federated catalogs, by leveraging the newly exposed iceberg.table.uuid for Lakeformation connector.
Fixed Issue of Orphaned UDFs in Databricks Unity Catalog Connector
Fixed Issue of Orphaned UDFs in Databricks Unity Catalog Connector¶
- Fixed an issue where UDFs created for Row Level Filter (RLF) and data masking policies were not automatically deleted when their associated tables were dropped.
- The system now properly removes related UDFs when a table is deleted, preventing orphaned functions and ensuring consistency between Unity Catalog and PolicySync.
Fixed Permission Loader Issues for AWS Lake Formation Connector
Fixed Permission Loader Issues for AWS Lake Formation Connector¶
Fixed permission loader issues for cross-account roles and multi-dialect views in the PolicySync AWS Lake Formation connector.
Trino Plugin¶
[PCloud] Access control support for Domains and Data Products in Starburst Trino
[PCloud] Access control support for Domains and Data Products in Starburst Trino¶
The Privacera Trino Plugin now supports access control for Domains and Data Products in Starburst Trino version 468 and later with PrivaceraCloud.
PEG¶
[PCloud] Partial Masking Support
[PCloud] Partial Masking Support¶
- Introduced partial encryption feature to mask
First NorLast Ncharacters of data in PrivaceraCloud. - This enhancement supports all format types, enabling more granular control over sensitive data protection.
Apache Ranger¶
[PCloud] Login Session and Admin Audits Cleanup Scheduler
[PCloud] Login Session and Admin Audits Cleanup Scheduler¶
Added an automated, configurable CronJob to periodically back up and clean up expired data from Login session and admin audits tables. Backups are stored in Privacera-managed S3 with a 30-day retention period.
Ranger Admin Metrics Cache Refresh (Initial Delay)
Ranger Admin Metrics Cache Refresh (Initial Delay)¶
Added support for scheduled refresh and caching of Ranger Admin metrics (except DB pool metrics) to avoid expensive database queries on every metrics scrape. When caching is enabled, metrics can initially appear empty/zero after startup until the first background refresh completes (tunable via ranger.metrics.cache.initial.delay.seconds and ranger.metrics.cache.interval.seconds).
Privacera Manager¶
Auto Cleanup for Logs and Snapshots in Zookeeper
Auto Cleanup for Logs and Snapshots in Zookeeper¶
Updated Zookeeper auto-cleanup to retain the last 10 snapshots and related logs, with daily cleanup execution for optimal storage management and reliable recovery.
Helm 4.x Support for OTEL Deployments and Upgrades
Helm 4.x Support for OTEL Deployments and Upgrades¶
Added Helm 4.x compatibility for seamless OpenTelemetry (OTEL) deployments and upgrades.
Privacera Discovery¶
Fixed Kafka KRaft Mode
Fixed Kafka KRaft Mode¶
Kafka configuration was updated to fix KRaft mode failures caused by file permissions. Kafka remains supported in both KRaft and ZooKeeper-based (non-KRaft) modes.
Privacera Portal¶
Enhanced Filtering to Support Tag Attributes in Tag Resource Mapping
Enhanced Filtering to Support Tag Attributes in Tag Resource Mapping¶
Resources can now be searched using both tag attribute keys and attribute values.
- Prev topic: Releases